diff --git a/opnsense_device_control.yaml b/opnsense_device_control.yaml
new file mode 100644
index 0000000..bf478f9
--- /dev/null
+++ b/opnsense_device_control.yaml
@@ -0,0 +1,481 @@
+# OPNsense Device Control Configuration for Home Assistant
+# This provides device discovery, user assignment, and internet blocking capabilities
+
+# Input Selects for User Assignment
+input_select:
+ # Bella's Devices (Age 14)
+ device_user_bella_phone:
+ name: "Bella's Phone Owner"
+ options:
+ - "Bella"
+ - "Xander"
+ - "William"
+ - "Parent"
+ - "Guest"
+ - "Unassigned"
+ initial: "Bella"
+ icon: mdi:cellphone
+
+ device_user_bella_tablet:
+ name: "Bella's Tablet Owner"
+ options:
+ - "Bella"
+ - "Xander"
+ - "William"
+ - "Parent"
+ - "Guest"
+ - "Unassigned"
+ initial: "Bella"
+ icon: mdi:tablet
+
+ # Xander's Devices (Age 15)
+ device_user_xander_phone:
+ name: "Xander's Phone Owner"
+ options:
+ - "Bella"
+ - "Xander"
+ - "William"
+ - "Parent"
+ - "Guest"
+ - "Unassigned"
+ initial: "Xander"
+ icon: mdi:cellphone
+
+ device_user_xander_desktop:
+ name: "Xander's Desktop Owner"
+ options:
+ - "Bella"
+ - "Xander"
+ - "William"
+ - "Parent"
+ - "Guest"
+ - "Unassigned"
+ initial: "Xander"
+ icon: mdi:desktop-tower
+
+ # William's Devices (Age 17)
+ device_user_william_phone:
+ name: "William's Phone Owner"
+ options:
+ - "Bella"
+ - "Xander"
+ - "William"
+ - "Parent"
+ - "Guest"
+ - "Unassigned"
+ initial: "William"
+ icon: mdi:cellphone
+
+ device_user_william_laptop:
+ name: "William's Laptop Owner"
+ options:
+ - "Bella"
+ - "Xander"
+ - "William"
+ - "Parent"
+ - "Guest"
+ - "Unassigned"
+ initial: "William"
+ icon: mdi:laptop
+
+# Input Booleans for Internet Blocking
+input_boolean:
+ # Master Controls
+ parental_controls_enabled:
+ name: "Parental Controls Enabled"
+ icon: mdi:shield-account
+
+ # Bella's Device Blocks
+ block_bella_phone:
+ name: "Block Bella's Phone"
+ icon: mdi:cellphone-off
+
+ block_bella_tablet:
+ name: "Block Bella's Tablet"
+ icon: mdi:tablet-off
+
+ # Xander's Device Blocks
+ block_xander_phone:
+ name: "Block Xander's Phone"
+ icon: mdi:cellphone-off
+
+ block_xander_desktop:
+ name: "Block Xander's Desktop"
+ icon: mdi:desktop-tower-off
+
+ # William's Device Blocks
+ block_william_phone:
+ name: "Block William's Phone"
+ icon: mdi:cellphone-off
+
+ block_william_laptop:
+ name: "Block William's Laptop"
+ icon: mdi:laptop-off
+
+ # User-wide blocks (blocks ALL devices for a user)
+ block_all_bella_devices:
+ name: "Block All Bella's Devices"
+ icon: mdi:account-off
+
+ block_all_xander_devices:
+ name: "Block All Xander's Devices"
+ icon: mdi:account-off
+
+ block_all_william_devices:
+ name: "Block All William's Devices"
+ icon: mdi:account-off
+
+# Input Text for Device MAC Addresses
+input_text:
+ # Bella's Device MACs
+ mac_bella_phone:
+ name: "Bella's Phone MAC"
+ initial: ""
+ icon: mdi:cellphone
+
+ mac_bella_phone_wifi:
+ name: "Bella's Phone WiFi MAC"
+ initial: ""
+ icon: mdi:wifi
+
+ mac_bella_tablet:
+ name: "Bella's Tablet MAC"
+ initial: ""
+ icon: mdi:tablet
+
+ mac_bella_tablet_wifi:
+ name: "Bella's Tablet WiFi MAC"
+ initial: ""
+ icon: mdi:wifi
+
+ # Xander's Device MACs
+ mac_xander_phone:
+ name: "Xander's Phone MAC"
+ initial: ""
+ icon: mdi:cellphone
+
+ mac_xander_phone_wifi:
+ name: "Xander's Phone WiFi MAC"
+ initial: ""
+ icon: mdi:wifi
+
+ mac_xander_desktop:
+ name: "Xander's Desktop MAC (Wired)"
+ initial: ""
+ icon: mdi:desktop-tower
+
+ mac_xander_desktop_wifi:
+ name: "Xander's Desktop MAC (WiFi)"
+ initial: ""
+ icon: mdi:wifi
+
+ # William's Device MACs
+ mac_william_phone:
+ name: "William's Phone MAC"
+ initial: ""
+ icon: mdi:cellphone
+
+ mac_william_phone_wifi:
+ name: "William's Phone WiFi MAC"
+ initial: ""
+ icon: mdi:wifi
+
+ mac_william_laptop:
+ name: "William's Laptop MAC (Wired)"
+ initial: ""
+ icon: mdi:laptop
+
+ mac_william_laptop_wifi:
+ name: "William's Laptop MAC (WiFi)"
+ initial: ""
+ icon: mdi:wifi
+
+# Sensors for Device Status
+sensor:
+ - platform: template
+ sensors:
+ bella_devices_blocked_count:
+ friendly_name: "Bella Blocked Devices"
+ value_template: >
+ {% set count = 0 %}
+ {% if is_state('input_boolean.block_bella_phone', 'on') %}
+ {% set count = count + 1 %}
+ {% endif %}
+ {% if is_state('input_boolean.block_bella_tablet', 'on') %}
+ {% set count = count + 1 %}
+ {% endif %}
+ {{ count }}
+ icon_template: mdi:counter
+
+ xander_devices_blocked_count:
+ friendly_name: "Xander Blocked Devices"
+ value_template: >
+ {% set count = 0 %}
+ {% if is_state('input_boolean.block_xander_phone', 'on') %}
+ {% set count = count + 1 %}
+ {% endif %}
+ {% if is_state('input_boolean.block_xander_desktop', 'on') %}
+ {% set count = count + 1 %}
+ {% endif %}
+ {{ count }}
+ icon_template: mdi:counter
+
+ william_devices_blocked_count:
+ friendly_name: "William Blocked Devices"
+ value_template: >
+ {% set count = 0 %}
+ {% if is_state('input_boolean.block_william_phone', 'on') %}
+ {% set count = count + 1 %}
+ {% endif %}
+ {% if is_state('input_boolean.block_william_laptop', 'on') %}
+ {% set count = count + 1 %}
+ {% endif %}
+ {{ count }}
+ icon_template: mdi:counter
+
+# REST Commands for OPNsense API
+rest_command:
+ # Create/Update Firewall Alias for Blocked MACs
+ opnsense_update_blocked_alias:
+ url: "https://10.0.0.254/api/firewall/alias/setItem/{{ alias_uuid }}"
+ method: POST
+ headers:
+ Content-Type: application/json
+ payload: >
+ {
+ "alias": {
+ "enabled": "1",
+ "name": "{{ alias_name }}",
+ "type": "mac",
+ "content": "{{ mac_addresses }}",
+ "description": "{{ description }}"
+ }
+ }
+ username: !secret opnsense_api_key
+ password: !secret opnsense_api_secret
+ verify_ssl: false
+
+ # Apply Firewall Changes
+ opnsense_apply_firewall:
+ url: "https://10.0.0.254/api/firewall/filter/apply"
+ method: POST
+ username: !secret opnsense_api_key
+ password: !secret opnsense_api_secret
+ verify_ssl: false
+
+ # Create Block Rule for Alias
+ opnsense_create_block_rule:
+ url: "https://10.0.0.254/api/firewall/filter/addRule"
+ method: POST
+ headers:
+ Content-Type: application/json
+ payload: >
+ {
+ "rule": {
+ "enabled": "1",
+ "action": "block",
+ "interface": "lan",
+ "direction": "out",
+ "ipprotocol": "inet",
+ "protocol": "any",
+ "source_net": "{{ alias_name }}",
+ "destination_net": "any",
+ "description": "{{ description }}",
+ "log": "1"
+ }
+ }
+ username: !secret opnsense_api_key
+ password: !secret opnsense_api_secret
+ verify_ssl: false
+
+# Automations
+automation:
+ # Block All Bella Devices Toggle
+ - id: block_all_bella_devices_on
+ alias: "Block All Bella Devices - ON"
+ trigger:
+ - platform: state
+ entity_id: input_boolean.block_all_bella_devices
+ to: 'on'
+ action:
+ - service: input_boolean.turn_on
+ target:
+ entity_id:
+ - input_boolean.block_bella_phone
+ - input_boolean.block_bella_tablet
+
+ - id: block_all_bella_devices_off
+ alias: "Block All Bella Devices - OFF"
+ trigger:
+ - platform: state
+ entity_id: input_boolean.block_all_bella_devices
+ to: 'off'
+ action:
+ - service: input_boolean.turn_off
+ target:
+ entity_id:
+ - input_boolean.block_bella_phone
+ - input_boolean.block_bella_tablet
+
+ # Block All Xander Devices Toggle
+ - id: block_all_xander_devices_on
+ alias: "Block All Xander Devices - ON"
+ trigger:
+ - platform: state
+ entity_id: input_boolean.block_all_xander_devices
+ to: 'on'
+ action:
+ - service: input_boolean.turn_on
+ target:
+ entity_id:
+ - input_boolean.block_xander_phone
+ - input_boolean.block_xander_desktop
+
+ - id: block_all_xander_devices_off
+ alias: "Block All Xander Devices - OFF"
+ trigger:
+ - platform: state
+ entity_id: input_boolean.block_all_xander_devices
+ to: 'off'
+ action:
+ - service: input_boolean.turn_off
+ target:
+ entity_id:
+ - input_boolean.block_xander_phone
+ - input_boolean.block_xander_desktop
+
+ # Block All William Devices Toggle
+ - id: block_all_william_devices_on
+ alias: "Block All William Devices - ON"
+ trigger:
+ - platform: state
+ entity_id: input_boolean.block_all_william_devices
+ to: 'on'
+ action:
+ - service: input_boolean.turn_on
+ target:
+ entity_id:
+ - input_boolean.block_william_phone
+ - input_boolean.block_william_laptop
+
+ - id: block_all_william_devices_off
+ alias: "Block All William Devices - OFF"
+ trigger:
+ - platform: state
+ entity_id: input_boolean.block_all_william_devices
+ to: 'off'
+ action:
+ - service: input_boolean.turn_off
+ target:
+ entity_id:
+ - input_boolean.block_william_phone
+ - input_boolean.block_william_laptop
+
+ # Update OPNsense when blocks change
+ - id: update_opnsense_bella_blocks
+ alias: "Update OPNsense - Bella Blocks"
+ trigger:
+ - platform: state
+ entity_id:
+ - input_boolean.block_bella_phone
+ - input_boolean.block_bella_tablet
+ action:
+ - service: rest_command.opnsense_update_blocked_alias
+ data:
+ alias_uuid: "bella_blocked"
+ alias_name: "Blocked_Bella"
+ description: "Bella's Blocked Devices"
+ mac_addresses: >
+ {% set macs = [] %}
+ {% if is_state('input_boolean.block_bella_phone', 'on') %}
+ {% if states('input_text.mac_bella_phone') != '' %}
+ {% set macs = macs + [states('input_text.mac_bella_phone')] %}
+ {% endif %}
+ {% if states('input_text.mac_bella_phone_wifi') != '' %}
+ {% set macs = macs + [states('input_text.mac_bella_phone_wifi')] %}
+ {% endif %}
+ {% endif %}
+ {% if is_state('input_boolean.block_bella_tablet', 'on') %}
+ {% if states('input_text.mac_bella_tablet') != '' %}
+ {% set macs = macs + [states('input_text.mac_bella_tablet')] %}
+ {% endif %}
+ {% if states('input_text.mac_bella_tablet_wifi') != '' %}
+ {% set macs = macs + [states('input_text.mac_bella_tablet_wifi')] %}
+ {% endif %}
+ {% endif %}
+ {{ macs | join('\n') }}
+ - delay:
+ seconds: 2
+ - service: rest_command.opnsense_apply_firewall
+
+ - id: update_opnsense_xander_blocks
+ alias: "Update OPNsense - Xander Blocks"
+ trigger:
+ - platform: state
+ entity_id:
+ - input_boolean.block_xander_phone
+ - input_boolean.block_xander_desktop
+ action:
+ - service: rest_command.opnsense_update_blocked_alias
+ data:
+ alias_uuid: "xander_blocked"
+ alias_name: "Blocked_Xander"
+ description: "Xander's Blocked Devices"
+ mac_addresses: >
+ {% set macs = [] %}
+ {% if is_state('input_boolean.block_xander_phone', 'on') %}
+ {% if states('input_text.mac_xander_phone') != '' %}
+ {% set macs = macs + [states('input_text.mac_xander_phone')] %}
+ {% endif %}
+ {% if states('input_text.mac_xander_phone_wifi') != '' %}
+ {% set macs = macs + [states('input_text.mac_xander_phone_wifi')] %}
+ {% endif %}
+ {% endif %}
+ {% if is_state('input_boolean.block_xander_desktop', 'on') %}
+ {% if states('input_text.mac_xander_desktop') != '' %}
+ {% set macs = macs + [states('input_text.mac_xander_desktop')] %}
+ {% endif %}
+ {% if states('input_text.mac_xander_desktop_wifi') != '' %}
+ {% set macs = macs + [states('input_text.mac_xander_desktop_wifi')] %}
+ {% endif %}
+ {% endif %}
+ {{ macs | join('\n') }}
+ - delay:
+ seconds: 2
+ - service: rest_command.opnsense_apply_firewall
+
+ - id: update_opnsense_william_blocks
+ alias: "Update OPNsense - William Blocks"
+ trigger:
+ - platform: state
+ entity_id:
+ - input_boolean.block_william_phone
+ - input_boolean.block_william_laptop
+ action:
+ - service: rest_command.opnsense_update_blocked_alias
+ data:
+ alias_uuid: "william_blocked"
+ alias_name: "Blocked_William"
+ description: "William's Blocked Devices"
+ mac_addresses: >
+ {% set macs = [] %}
+ {% if is_state('input_boolean.block_william_phone', 'on') %}
+ {% if states('input_text.mac_william_phone') != '' %}
+ {% set macs = macs + [states('input_text.mac_william_phone')] %}
+ {% endif %}
+ {% if states('input_text.mac_william_phone_wifi') != '' %}
+ {% set macs = macs + [states('input_text.mac_william_phone_wifi')] %}
+ {% endif %}
+ {% endif %}
+ {% if is_state('input_boolean.block_william_laptop', 'on') %}
+ {% if states('input_text.mac_william_laptop') != '' %}
+ {% set macs = macs + [states('input_text.mac_william_laptop')] %}
+ {% endif %}
+ {% if states('input_text.mac_william_laptop_wifi') != '' %}
+ {% set macs = macs + [states('input_text.mac_william_laptop_wifi')] %}
+ {% endif %}
+ {% endif %}
+ {{ macs | join('\n') }}
+ - delay:
+ seconds: 2
+ - service: rest_command.opnsense_apply_firewall
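Review bot: All three `rest_command` entries (`opnsense_update_blocked_alias`, `opnsense_apply_firewall`, `opnsense_create_block_rule`) send the OPNsense API key and secret as basic-auth credentials with `verify_ssl: false`, so Home Assistant accepts whatever certificate answers at 10.0.0.254 and a credential that can rewrite firewall rules is exposed to anything sitting on that path. I would trust the firewall's certificate or its issuing CA on the Home Assistant host and delete the three `verify_ssl: false` lines, since verification is the default. The `input_text.mac_*` values are free text that is only checked with `!= ''` before being spliced into the JSON body as `"content": "{{ mac_addresses }}"`, so a stray quote or a non-MAC string changes or breaks the request; a guard such as `states('input_text.mac_bella_phone') | regex_match('^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$')` and `"content": {{ mac_addresses | tojson }}` would restrict the alias to well-formed addresses and also escape the newline that `join('\n')` presumably renders inside the string. None of the automations inspects the REST response, so a rejected call leaves the toggle showing a device as blocked while the firewall is unchanged; `alias_uuid: "bella_blocked"` does not look like a UUID, which `setItem` appears to expect, so that failure path is worth testing before relying on these switches.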